From fa9aa74e49cf73025fbc68a68a783bd0ef0b87ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Ta?= <kevin-ta@users.noreply.github.com>
Date: Fri, 15 Oct 2021 17:12:12 +0800
Subject: [PATCH] Restrict /user route to authenticated requests only

---
 app/config/security.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/config/security.yml b/app/config/security.yml
index 2a3a2af..eb08beb 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -56,3 +56,4 @@ security:
         - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/api/doc, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/user/.*, role: ROLE_USER }